Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

wip #487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
cyclotruc wants to merge 9 commits into main
base: main
Choose a base branch
Loading
from demo
Draft

wip #487

cyclotruc wants to merge 9 commits into main from demo

Conversation

Copy link
Member

@cyclotruc cyclotruc commented Aug 4, 2025

No description provided.

function setAIButtonLoadingState(submitButton, isLoading) {
if (!isLoading) {
submitButton.disabled = false;
submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix

AI 28 days ago

To fix the problem, we need to ensure that any text assigned to submitButton.innerHTML is properly escaped so that it cannot be interpreted as HTML. The best way to do this is to use textContent instead of innerHTML when restoring the button's original content, as textContent will treat the value as plain text and not parse it as HTML. However, since the loading state uses HTML (a spinner SVG and markup), we need to use innerHTML only for the loading state, and use textContent for restoring the original button label.

Specifically, in the setAIButtonLoadingState function:

  • When restoring the button to its original state (isLoading === false), set submitButton.textContent to the value of data-original-content (or 'Ingest').
  • When entering the loading state, continue to use innerHTML for the spinner markup.

This change should be made in the region around line 102 in src/static/js/utils_ai.js.

Suggested changeset 1
src/static/js/utils_ai.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/static/js/utils_ai.js b/src/static/js/utils_ai.js
--- a/src/static/js/utils_ai.js
+++ b/src/static/js/utils_ai.js
@@ -101,3 +101,3 @@
 submitButton.disabled = false;
- submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';
+ submitButton.textContent = submitButton.getAttribute('data-original-content') || 'Ingest';
 submitButton.classList.remove('bg-[#ffb14d]', 'opacity-75', 'cursor-not-allowed');
EOF
@@ -101,3 +101,3 @@
submitButton.disabled = false;
submitButton.innerHTML = submitButton.getAttribute('data-original-content') || 'Ingest';
submitButton.textContent = submitButton.getAttribute('data-original-content') || 'Ingest';
submitButton.classList.remove('bg-[#ffb14d]', 'opacity-75', 'cursor-not-allowed');
Copilot is powered by AI and may make mistakes. Always verify output.
Copy link

github-actions bot commented Aug 5, 2025

This pull request has merge conflicts that must be resolved before it can be merged.

cyclotruc reacted with thumbs down emoji

Copy link

github-actions bot commented Aug 5, 2025

This pull request has resolved merge conflicts and is ready for review.

cyclotruc reacted with thumbs down emoji

Copy link

This pull request has merge conflicts that must be resolved before it can be merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /